Hubba's Blog

Notes from a Linux/Unix Engineer

LIFX device onboarding on iPhone

Posted on Sun, Aug 17, 2025 at 10:11 by Hubertus A. Haniel

I have several of these LIFX bulbs around my house and they are pretty cool and reliable most of the time, but sometimes one of them will drop off the network and refuse to reconnect to the WiFi. This happens only on very rare occasions, hence I am writing this note, as when it happens it takes me hours of searching the web for documentation to figure out how to get it removed and onboarded again.

The standard way of first onboarding it into HomeKit does not always seem to work for me, as my phone does not seem to find the light or the light ends up on the wrong WiFi, because I have multiple WiFi networks in the house that serve different use cases and I am trying to separate stuff for security reasons.

Before you start you should ensure your iPhone is not connected to any VPN etc. but to your proper WiFi network. I have WireGuard configured to come on when I am not connected to my normal WiFi to enable me to connect back into my network when I am out and about.

So first I remove the light from HomeKit and the LIFX app completely and reset it by turning it on and back off 5 times. On the 5th time it should cycle through all the colors, meaning it is reset and in pairing mode.

Then I use the manual way, so I wait for 15 minutes for it to come out of "HomeKit mode" so that the device in the WiFi selection of the iPhone will not be under "Set up new device" but will show in "Other Networks". If it shows under "My Networks" because you have done this before, you should forget the device from your settings, as you will not be able to tell what mode it is in. When it is in "Other Networks" you can connect to it and then use the LIFX app to manually add it to the WiFi you want.

Now this is the part which always gets me: how do you get it to show up in HomeKit as well now? When you go into your Light Settings in the LIFX app for that bulb, the HomeKit section will just say not in HomeKit, and you used to be able to pair it to HomeKit from there. To enable that step you have to physically turn the light off for a couple of minutes and turn it back on. If you now go back into the settings it should present you with a button to pair to HomeKit, and you just follow those steps to get it fully up and running.

Hope this helps!

Posted in Toys and Gadgets

Managing AD Computer Accounts with adcli and kerberos on Linux

Posted on Mon, Jun 02, 2025 at 12:12 by Hubertus A. Haniel

When configuring Samba on Linux against Active Directory these steps are part of the process as well, but you may just want to use Kerberos on its own, so these are the initial steps to get it working on RHEL8/9.

First you need to install the krb5-workstation and adcli packages which should be available in the default repos.

Then you need to configure /etc/krb5.conf to reflect your AD domain (mine is upnor.localnet.lan)

    
 includedir /etc/krb5.conf.d/

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    spake_preauth_groups = edwards25519
    default_realm = UPNOR.LOCALNET.LAN
    default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  UPNOR.LOCALNET.LAN = {
  kdc = 192.168.0.10
  }

Now we need to join the domain and for this the command is something like:

 adcli join -v --domain "upnor.localnet.lan" -U <userid> -O OU=Unix\ Samba\ Servers,OU=SERVERS,DC=upnor,DC=localnet,DC=lan
  

Note that the OU stuff seems back to front to what it shows in the Windows Active Directory GUI where my OU or path is "\SERVERS\Unix Samba Servers" and you obviously have to escape the spaces with \ - The userid needs to be somebody that has the rights to manage computer accounts in that OU. - This has to be run as root.

The command will create the computer account and the /etc/krb5.keytab file.

You should now be able to get a kerberos ticket with "kinit <userid>"

Now we are in a position to run other commands and we can authenticate against AD with the kerberos ticket (-C option)

So we can for example create a SPN for our host (again as root as /etc/krb5.keytab will get modified)

 adcli update --add-service-principal=cifs/alias.upnor.localnet.lan --domain "upnor.localnet.lan" -v -C
  

alias.localnet.lan is an alias to my server running Samba and we may need this to authenticate against Samba on this server using this alias. I have run all these commands in verbose mode (-v) because with this command I noticed that, while adding an SPN, the update in AD failed but it still carried on updating the local keytab file.

We should be able to query the SPN from a windows client using "setspn -T upnor.localnet.lan -Q */alias.upnor.localnet.lan"
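Since the author saw the local keytab updated even though the update in AD had failed, a Linux-side cross-check of the two is useful after adding an SPN. This is an added example, not from the original post; it reports SPNs that are in the keytab but not among the computer account's servicePrincipalName values. The function names, the host name "server" and the way the two listings are collected are assumptions, and the sample data is constructed.

```bash
# Added example: list SPNs that are in the local keytab but not registered in AD.
# $1 = saved output of `klist -k /etc/krb5.keytab`
# $2 = LDIF of the computer account's servicePrincipalName attribute, taken
#      with ldapsearch and `-o ldif-wrap=no` (assumed collection method)
keytab_spns_missing_in_ad() {
    awk '
        FILENAME == ARGV[1] {              # LDIF: collect the SPNs AD knows
            if (tolower($1) == "serviceprincipalname:") ad[tolower($2)] = 1
            next
        }
        $1 ~ /^[0-9]+$/ && $2 ~ /\// {     # keytab rows: "KVNO service/host@REALM"
            spn = tolower($2)              # compared case-insensitively
            sub(/@.*$/, "", spn)           # AD lists SPNs without the realm
            if (!(spn in ad) && !(spn in seen)) { seen[spn] = 1; print spn }
        }
    ' "$2" "$1"
}

# Constructed sample data; the host name "server" is hypothetical.
demo_keytab_check() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/klist.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------------------------------------------------
   2 SERVER$@UPNOR.LOCALNET.LAN
   2 host/server.upnor.localnet.lan@UPNOR.LOCALNET.LAN
   2 host/server.upnor.localnet.lan@UPNOR.LOCALNET.LAN
   2 cifs/alias.upnor.localnet.lan@UPNOR.LOCALNET.LAN
EOF
    cat > "$tmp/ad.ldif" <<'EOF'
dn: CN=SERVER,OU=Unix Samba Servers,OU=SERVERS,DC=upnor,DC=localnet,DC=lan
servicePrincipalName: host/server.upnor.localnet.lan
servicePrincipalName: host/SERVER
EOF
    keytab_spns_missing_in_ad "$tmp/klist.txt" "$tmp/ad.ldif"
    rm -rf "$tmp"
}

demo_keytab_check   # prints the SPN that exists only in the keytab
```

An empty LDIF (for example, a failed query) makes every keytab SPN show up as missing, so a failed lookup is not mistaken for a clean result.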

We can also pre-set a computer account for another server that may not have adcli installed but we want to join the domain using samba with "net ads join -U <userid>" because samba for some reason does not create computer accounts and certainly can not create them in a specific OU:

 adcli preset-computer <other server name> --domain "upnor.localnet.lan" -U <userid> -O OU=Unix\ Samba\ Servers,OU=SERVERS,DC=upnor,DC=localnet,DC=lan -v -C
  

The only bit I can not figure out is how to edit the SPNs for a remote host like you can with setspn in Windows. I have, without success, tried various combinations to achieve the same as:

 setspn -S http/daserver daserver1
   It will register SPN "http/daserver" for computer "daserver1"
    if no such SPN exists in the domain
 setspn -D http/daserver daserver1
   It will delete SPN "http/daserver" for computer "daserver1"   

If you work it out - let me know and I will add it here!

Edited on: Mon, Jun 02, 2025 13:30

Posted in HowTo, System - Linux, System - Windows

Version comparison using rpm

Posted on Thu, Feb 20, 2025 at 11:35 by Hubertus A. Haniel

I have been playing a little bit with ChatGPT and its code generators and while doing this I stumbled across this. I wrote about version comparison in a previous post, which is sort of a common thing that keeps coming up, and I have used the function that I refer to there lots of times. It seems that rpm actually has a built-in function to do this which returns result codes, so you can use it with a function like the one below. Obviously it will not work on other platforms, and it seems that this has not been available in all rpm versions, but I do not know when it was introduced:

compare_rpm_versions() {
    local version1="$1"
    local version2="$2"
    
    if [[ -z "$version1" || -z "$version2" ]]; then
        printf "Error: Two versions must be provided\n" >&2
        return 1
    fi

    if ! command -v rpm &>/dev/null; then
        printf "Error: rpm command not found\n" >&2
        return 2
    fi

    if rpm --eval "%{lua: print(rpm.vercmp('$version1', '$version2'))}" &>/dev/null; then
        local result; result=$(rpm --eval "%{lua: print(rpm.vercmp('$version1', '$version2'))}")
        case "$result" in
            1)  printf "%s is newer than %s\n" "$version1" "$version2"; return 0 ;;
            0)  printf "%s and %s are identical\n" "$version1" "$version2"; return 0 ;;
            -1) printf "%s is older than %s\n" "$version1" "$version2"; return 0 ;;
            *)  printf "Error: Unexpected comparison result: %s\n" "$result" >&2; return 3 ;;
        esac
    else
        printf "Error: Failed to compare versions\n" >&2
        return 4
    fi
}    
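The function above pastes both arguments into a Lua string inside an rpm macro, so a version string containing a single quote (which ends the Lua string) or rpm's macro character % is no longer treated purely as data. A variant that checks each argument against an allow-list before rpm is started, as an added example that is not the blog author's code; the helper names, the allow-list and the length limit are assumptions of this example.

```bash
# Added example, not the blog author's code.
# Allow-list for a version string (an assumption of this example):
# letters, digits and . _ + ~ ^ plus ':' and '-' as the epoch and
# release separators, at most 128 characters.
is_rpm_version_string() {
    [ "${#1}" -le 128 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9._+~^:-]*) return 1 ;;
    esac
    return 0
}

# Prints 1, 0 or -1. Returns 1 for a rejected argument (before rpm is
# ever started), 2 if rpm is missing, 3 if rpm exits non-zero.
safe_rpm_vercmp() {
    [ "$#" -eq 2 ] || return 1
    for _v in "$1" "$2"; do
        if ! is_rpm_version_string "$_v"; then
            printf 'Error: rejected version string\n' >&2
            return 1
        fi
    done
    command -v rpm >/dev/null 2>&1 || return 2
    rpm --eval "%{lua: print(rpm.vercmp('$1', '$2'))}" 2>/dev/null || return 3
}

# Constructed inputs: two ordinary versions and two that must be refused.
for _s in "1.2.3-4.el9" "2:1.0~rc1" "1.0'); print('x" "%{name}"; do
    if is_rpm_version_string "$_s"; then
        printf 'accept  %s\n' "$_s"
    else
        printf 'reject  %s\n' "$_s"
    fi
done
```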
  
Edited on: Wed, Jun 04, 2025 15:00

Posted in HowTo, Packaging (RPM), Shell Scripting, System - Linux

Large File System out of lots of small chunks of free space.....

Posted on Thu, Dec 05, 2024 at 10:03 by Hubertus A. Haniel

DON'T TRY THIS AT WORK!
Just because it is possible it does not mean it is good practice!
I would not endorse this trickery/hack in a commercial environment.

This would not be supported in an enterprise environment and is probably not the safest way of keeping your data, so I would not recommend this in a critical environment with critical data. On top of this not being the safest way to store your data, it will also not be very efficient and I would expect a performance impact as a result of this. So this is just a bit of fun and may just help you out with a temporary fix to get you over a hurdle. I have done this on RHEL9 but it will work in the same way on other Linux distributions.

Let's say you have a system with lots of file systems of which the size does not really matter, but there are a few gigabytes free here and there. You may even be able to add NFS mounted stuff, although if there is a network failure you may end up with corruption when the NFS parts fail. You can not shrink or rearrange the file systems to free up enough to store a larger file. In this example:

/filesystem-01
/filesystem-02
/filesystem-03
/filesystem-04

It is irrelevant how big these file systems are, but let's say each of these has only about 25gb free and you want to create a file that is in the region of 80gb to 100gb for whatever reason. So let's go ahead and create a sparse file in each of these file systems. (We could just create a full size file but a sparse file is faster to create. You will find that after that step the real space is not actually being used yet, but with ls -al you will see the file size is shown as what it could grow to.)

dd if=/dev/zero of=/filesystem-01/filestore.img bs=1 count=0 seek=25G
dd if=/dev/zero of=/filesystem-02/filestore.img bs=1 count=0 seek=25G
dd if=/dev/zero of=/filesystem-03/filestore.img bs=1 count=0 seek=25G
dd if=/dev/zero of=/filesystem-04/filestore.img bs=1 count=0 seek=25G

Next we will create loop back devices that point to these files:

losetup --show -f /filesystem-01/filestore.img
losetup --show -f /filesystem-02/filestore.img
losetup --show -f /filesystem-03/filestore.img
losetup --show -f /filesystem-04/filestore.img

These will most likely end up being /dev/loop0 through to /dev/loop3 but if you have other loop back stuff mounted it may differ. The command "losetup -a" will list them for you.

We can now create a raid device on top of these loop devices with raid level 0 to have one continuous device:

mdadm -C /dev/md/filestore -l 0 -n 4 /dev/loop0 /dev/loop1 /dev/loop2 /dev/loop3

You can now treat /dev/md/filestore like a normal disk device. So you can partition it or create one large filesystem on it.

When you want to unmount it (before rebooting, for example, although Linux may do it for you) the steps are:

  1. Unmount the file system
  2. Stop the raid device ("mdadm --stop /dev/md/filestore")
  3. Remove the loop devices ("losetup -d <for each device created>")

To remount the device again the steps are:

  1. "losetup --show -f" for each of the image files as above
  2. "mdadm --assemble /dev/md/filestore /dev/loop0 /dev/loop1 /dev/loop2 /dev/loop3"
  3. mount the device as previously

If you are going to keep this setup for a longer time you may want to script the above to ensure it gets done on boot etc. The same is probably achievable just with plain LVM, but I have not attempted that and I suspect it may be more intrusive, as you may have to modify lvm.conf to scan the loop devices. You also run the danger of messing up your LVM metadata, so I did not want to take the risk of creating volume groups on files that are already on top of a volume group, which is the case on my system. You also would not want to extend existing logical volumes on to files, bearing in mind that you may not be able to shrink stuff down when you want to remove it again.

Edited on: Thu, Dec 05, 2024 13:42

Posted in HowTo, System - Linux

Free up space on a Apple MAC / OSX

Posted on Fri, Mar 15, 2024 at 15:29 by Hubertus A. Haniel

Apple Mac laptops are beautiful devices but they do cost a lot of money and usually come with very limited disk space, which gets eaten up mostly by your photo library if you have an iPhone as well. This will come and haunt you when you want to perform an update and suddenly your Mac says it does not have enough disk space. Well, here is a simple fix to solve it.

By default you will find that your Mac downloads all the photos that you take on your other Apple devices in full quality. So the first thing you need to do is go into your photo library preferences and change "Download Originals to this Mac" to "Optimize Mac storage".

Now this will not free up space straight away unless you are actually running out of space. To make this happen, keep your photo library open and open up a couple of terminal windows. In one of these windows, in your home directory, you can start a job to fill up your available space with "dd if=/dev/zero of=bigfile.tmp". You can use the other window with "df -h ." to watch how your disk space shrinks and also do a "du -sh Pictures" to see how that directory shrinks.

Once you think that you have shrunk your photo library sufficiently you can kill the dd job and remove bigfile.tmp which should then give you sufficient space on your drive to perform your upgrade.

Edited on: Sun, Aug 17, 2025 11:13

Posted in System - Apple / OSX